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Abstract - This paper suggests a method of IPv6-protocol the logical characteristic use to incfeasWthe security level of 
the national information technology infrastructures (e-governments) and global information^iyBunity. 

<2r 

I. INTRODUCTION * 

A constant growth of cybercrime in the Internet is annually observed, y^\rilone the cost of cybercrime [1] is 

estimated at $ 2 bin in Russia and $ 1 10 bin worldwide. /^^^ 

"The figures speak for themselves". Given that, to identify cybercrrfonals still remains a difficult task whose so- 

♦ 

lution cannot be found in most cases. This paper develops the^Jp^its [2,3] and offers a method to reduce the com- 



plexity of the issue on the basis of IPv6-protocol the lojSjSn*haracteristic (RFC 2460 and RFC 4291 |4.5|) and 
standard ISO 3166 [6]. When the principle of inevitaMOT^nishment for cybercrime is strictly implemented, then the 
problem of managing any state and the entire wo/fl^ommunity information security (IS) would be solved. Howev- 
er, the political will of the leading powers aj^idoption of relevant international acts and standards is the main re- 
quirement to achieve victory over cybrfc^nS^ 

5^ ^ II. BACKGROUNDS 
Statement 1. The shortage o^^^Wn 4 IP addresses (IPv4) whose length is 32 bits is felt as most urgent in the In- 
ternet community. In the 9^^he version 6 IP addressing (IPv6) system which defined the 128-bit length addresses 
was proposed [2,3]. Th^^^ri capacity of the IPv6 addresses space is 2 128 = 10 39 . Such number of IPv6 addresses is 
much greater thanVn^Jrth's population. 

The standa(pU43] presented in Fig. 1 define the global unicast IPv6 addresses encoding format. 
The glrtis^Wuting prefix is (typically hierarchically-structured) a value assigned to a site (a cluster of sub- 
net the subnet identifier (ID) is an identifier of a link within the site. 
^Lpobal unicast addresses have a 64-bit interface ID field (i.e., n + m = 64), formatted. 



n bits 


m bits 


128-n-m bits 


Global routing prefix 


Subnet identifier 


Interface identifier 



Figure 1. The global unicast IPv6 addresses encoding format 
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Statement 2. In 1974 International Organization for Standardization (ISO) adopted the first version of the Interna- 
tional standard ISO 3166 [6] which defines the code names of States and dependent territories as well as the main 
administrative units within the States. In accordance with the International standard the three digits designation was 
bound to each country, for example, 643 to Russia, 840 to USA, 826 to Great Britain, 250 to France. 
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Figure 2. Htog(^jS|y#fa';.a':;', ircc. including countr\ object identifiers 



Statement 3. In the Internet to > 



• d^^)p a unified approach to the management of network hardware and software 
facilities Simple Network ^ar^pjnent Protocol has been developed (SNMP). Later SNMP improved. Now a third 
version of SNMP (SNMPvj^^in practice. 

SNMPv3 specificafiqn^jJFe based on a modular architecture consisting of: 

1) a data definij^^&dguage; 

2) definitiorVoi^management information (the Management Information Base, or MIB and MIB-II); 

3) a pjp^^definition; 
kitty and administration. 




in the SNMPv3 architecture Structure of Management Information second version (SMIv2) is applied. 
SMIv2 determines the hierarchy structure for the network management information (NMI) presented as a network 
management objects collection. Each object is bound to its own identifier {object identifier — OID). OIDs are se- 
quences of digital labels separated by dots stored in MIB(-II). 

For NMI ISO is in the highest hierarchy level (Fig. 2), "iso" = 1 . In particular, coding of the path to the root (in 
NMI hierarchy tree) follows as: 
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The country OIDs form one brunch of the NMI hierarchy tree (one path to the root). Fig. 2 show^ A^la branch: 
Country OBJECT IDENTIFIER ::= { iso 2 } — "iso"*.4tI ^ 
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Thus, every country is bound to its own OID coded as a digital label 
tries). 643 (Russian Federation). ... ; 1 (ISO). 2 (countries). 840 (USA), 
ain). ... ; 1 (ISO). 2 (countries). 250 (France) In other words, 




' Co 

for example, 1 (ISO). 2 (c 



cj tor example, 1 (ISU). z (coun- 
O). 2 (countries). 826 (Great Brit- 
of management object discussed and 



stored in MIB(-II) (including control, use etc.), is specified by air^\ire^Tabels sequence of type "1.2 " 

III. TECH* 

Based on the above analysis, the paper offers to us%Qurf!ries OIDs (example, 1.2.643 — Russia) as the global 
routing prefixes in IPv6 addresses. Thus, it the IPv6 addresses space need be split in three big clusters of: 

1 ) national IPv6 addresses subranges of coui/St 

2) special IPv6 addresses subrange, incki«nalocal, multicast and any technological IPv6 addresses; 

3) forbidden IPv6 addresses (an intemalkonal organization should take a decision to use IPv6 addresses not in- 
cluded in the above first and secomshbranges). These IPv6 addresses must not be used until a decision to use them 

is made. iw!^^ 

The countries' codes u^lyjthe fixed and mobile telephony systems could be an example of such a global split- 
ting up, i.e., each coj(!*iUs bound to its own international telephony code (identifier). Examples: "+7" to Russian 
Federation; "+n^^!m; "+44" to Great Britain; "+33" to France etc. 

HexadecimaTXding of IPv6 addresses subranges for some countries might look as follows: 
1) Rubb&^ 1264: 3000: :/20. 
^T^p"^- 1284:0::/20. 
jVreat Britain — 1282:6000: :/20. 

4) France — 1225:0::/20 . 



IV. MOTIVES AND EFFECTS 
The motives behind the method offered and its effects may be the following. 



30 th -31 st July, 2014, University of Greenwich, London, UK. 
DOI: 10.978.819252/12213 



Page I 17 



Proc. of the Int. Conf. on eBusiness, eCommerce, eManagement, eLearning and eGovernance (IC5E 2014) 



1) The Internet globalization which resulted in building national information communities (e-governments), prac- 
tically in all the countries of the world. National e-governments will be transformed to new social economic envi- 
ronments (SEE) [7]. In each country, such an SEE becomes a sphere of special economic interests which requires 
protection, both from external and internal interventions. 

2) The method offered actually delimits virtual national information communities and SEEs. By analogy with the 
Schengen countries, virtual borders remain open and transparent. However, there are the state and administrative 
borders between the countries of the Schengen zone. Such borders determine the zones of economic, financ^alffiegSl, 
environmental and other state responsibilities, meaning a boundary slip between them, which splits up th^sph^res of 
state interests. Similarly, the virtual borders of the national information communities actually becom|^^u*iOary slips 
in the worldwide virtual space. Thus, the offered method splits up the spheres of state inteflssts^^tne worldwide 
virtual space. * 

3) By analogy with the national radio frequency bands, each national IPv6 addressesffiymge will be public na- 
tional property of a state and maintaining and servicing such subranges could be a of the state budget replen- 
ishment. For example, Russians (or other country citizens) could get individ^1^/^l6%ddresses free throughout their 
life. Commercial organizations could rent the national IPv6 addresses sutft^j^ftlgirients (unique, not duplicate and 
in various amounts) on a paid basis. Now mobile and cellular commuakjkiflfls providers replenish national incomes 
by payments of radio frequency band rent. 

4) Maintaining national IPv6 addresses subrange data baseiiJ^WvlDB) and strict registration and control of used 




and unused IPv6 addresses will provide an exact identifier©* of cyber criminals and any intruders who conduct 
illegal activities in Russian or other country domain qf^ra^al information society. In particular, national information 
technology infrastructure (ITI), which is the basfSVf the information society (e-government), will pluck potential 
internal violators' attempts to use forbidderJPS6 addresses by a block of malicious IPv6 datagrams. The strict im- 
plementation of inevitable punishment#s^eSwBe of the assertion above. 

5) When cybercriminals make aternptV>f virtual penetration into Russian or other country' SEE by using forbid- 
den IPv6 addresses, their actiooyiii/rje intercepted at the boundary of the national information society, i.e. at the 
boundary of the national ITJrMweover, when the potential violators use legitimate IPv6 address, the fact of passing 
IPv6 packet with this acj^j^tvill be recorded on the virtual border. If the information security violation does occur, 
the cybercrime irl^efcgation materials will be transferred to that country whose IPv6 address was used (i.e. from the 
national IPv6 a^^li^es subrange of that country); 

6) By an^^ with the existing practice, the Internet service providers will rent unique (non-overlapping) parts of 
the^j^d^^l IPv6 addresses subrange for the appropriate payment. Internet service providers will assign IPv6 ad- 
dr^eato the clients on the basis of a particular permanent or temporary agreement. 

This will uniquely identify that an Internet service provider's client performed a wrongful act in cyberspace. This 
can be also applied to organizations and individuals, creating Web sites of extremist, terrorist, pornographic and 
other malicious information on the base of the Internet -providers services. 

7) For law-abiding citizens and organizations as Internet users, nothing will change impact. As they provide their 
personal data when signing agreements with Internet providers, they will go on doing so later during the transition to 
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IPv6 addressing with only one exception: they will have the right to use their individual IPv6 addresses or provided 
by Internet providers. 

8) The Internet users in the zones of free access to the Internet provided by private or charitable organizations (for 
example, a network of fast food restaurants "McDonald's") could also use their individual IPv6 addresses or provid- 
ed by private organizations depending on their information security policies. In this case, it is expected that private 
or charitable organizations will use some unique non-overlapping parts of the national IPv6 addresses subrange. 

V. IMPLEMENTATION ASPECTS 
International aspect. First, for the implementation of the offered method, an official transfer of IPv6 a^i^st space 
authority must be established by a generally accepted international organization (e.g. InternationaU^fefommunica- 
tion Union, International Organization for Standardization and other). To this end a decisim'jjjf UF^or only US au- 
thorities can be accepted. VJ^ 



S5v 



Second, adoption of some international acts and standards will determine the strate^^^icy, principles and rules 



of the IPv6 address space use as well as official selection of unique IPv6 addresses sulfchges for each country. 
Third, a transient period for national ITIs should follow while adapting tfft^^^wide system (the time transition 




interval) to a full-scale use of their IPv6 addresses subranges. 

Fourth, an organization of "cyber police" within, for example, the ^fepSl (International Criminal Police Organi- 
zation) can be established to investigate international cybercrimgjVrottide national cyber police services interaction 
and detect unauthorized prohibited IPv6 addresses use. 

National aspect. Each country should establish or assig^Sjsderal authority to create and implement national IPv6 
addresses subrange use strategy, policy, principles attlQpies. In particular, in the Russian Federation such an au- 
thority can be subordinate directly to the Presid*toKthe Russian Federation or to the Prime Minister of the Russian 
Federation (or his First Deputy) and be a p^^^me Administration of the President of the Russian Federation or the 



Executive Office of the Government owTS^tussian Federation. The federal authority shall form the Public Commis- 
sion, in which representatives of aAaterested agencies and organizations, including the public ones will work. One 
of the objectives of such a Cori^^fon would be to resolve all the conflicts that related to the distribution and oper- 
ation of the national IPv6-aCjrass space subrange, and to frame the necessary decisions and recommendations. 

Technological asvei£ ^^6-NDB must be created and maintained to control used for forbidden IPv6 addresses. 
The IPv6-NDB rnaAtj/ince should include an appropriate DB complex protection system and a control access sys- 
tem operatior be regulated by federal legal acts. 

IPv6-pjia^mformation technology system (ITS) may be created on a state-private partnership base. 

JhJ^taJctural aspect. Any state ITI serving as a national information community base should include malicious 
ancS^miinal traffic controls using the principle of skipping IPv6 packets with permitted IPv6 addresses only such 
as: 

1 ) national IPv6 addresses subrange of states, 

2) and special IPv6 addresses subrange, including local, multicast and any technological IPv6 addresses. 
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In addition, all state and private organizations maintaining and developing national ITI should configure their 
software and hardware network devices (routers, switchers, etc.) in order to prohibit processing IPv6-packets with 
forbidden IPv6-addresses. 

The procedures and rules of local IPv6 addresses use by organizations and agencies should provide a personal as- 
signment of local IPv6 addresses, i.e. a unique local IPv6 address should be bound to its employee. Local IPv6 ad- 
dresses must include state and organization/agency OIDs [8], otherwise, organizations and agencies must use their 
unique (non-overlapping) local IPv6 addresses subranges. Local IPv6-addresses distribution and maintenartowi »e 
countries will be part of the activities of the federal authority responsible for creating and implement^g strategy, 
policy, principles and rules of national IPv6 addresses subrange use. 

The procedures and rules of translators IPv6 addresses [7] use must include a conversio^pf^caladdresses to 
global ones and vice versa via corporate (agency-level) IT systems only. * 



VI. SUMMARY 



A method and a system of IPv6 addresses use in the global information communi^^an significantly reduce the 
cybercrime level and protect national ITI of states without any limitations x>ti^£ffights and freedom of citizens to 
get true and independent information. 
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